Issue while installing free radius

Surya Teja suryateja042 at gmail.com
Sun Apr 21 12:39:39 CEST 2019


Hi
I have run the server in debug mode and it keeps reporting this error:
*1) pap: Comparing with "known-good" Crypt-password*
*(1) pap: ERROR: Crypt digest does not match "known good" digest*
I gave the same credentials that I have in the radcheck table:
mysql> select * from radcheck;
+----+-----------+--------------------+----+------------+
| id | username  | attribute          | op | value      |
+----+-----------+--------------------+----+------------+
|  5 | *testuser2* | Cleartext-Password | := | *GeForce-23* |
+----+-----------+--------------------+----+------------+
Here is the complete info:
(1) Received Access-Request Id 146 from 127.0.0.1:51406 to 127.0.0.1:1812
length 79
(1)   User-Name = "testuser2"
(1)   User-Password = "GeForce-23"
(1)   NAS-IP-Address = 10.0.0.140
(1)   NAS-Port = 0
(1)   Message-Authenticator = 0x8d9aa944e7a240ed28d9bc5f112de505
(1) # Executing section authorize from file /etc/raddb/sites-enabled/default
(1)   authorize {
(1)     [preprocess] = ok
(1) auth_log: EXPAND
/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(1) auth_log:    --> /var/log/radius/radacct/127.0.0.1/auth-detail-20190421
(1) auth_log:
/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/127.0.0.1/auth-detail-20190421
(1) auth_log: EXPAND %t
(1) auth_log:    --> Sun Apr 21 10:24:18 2019
(1)     [auth_log] = ok
(1)     [chap] = noop
(1)     [mschap] = noop
(1)     [digest] = noop
(1) suffix: Checking for suffix after "@"
(1) suffix: No '@' in User-Name = "testuser2", looking up realm NULL
(1) suffix: No such realm "NULL"
(1)     [suffix] = noop
(1) eap: No EAP-Message, not doing EAP
(1)     [eap] = noop
(1)     [unix] = updated
(1)     [files] = noop
(1) sql: EXPAND %{User-Name}
(1) sql:    --> testuser2
(1) sql: SQL-User-Name set to 'testuser2'
rlm_sql (sql): Closing connection (3): Hit idle_timeout, was idle for 2961
seconds
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): Closing connection (4): Hit idle_timeout, was idle for 2961
seconds
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): Closing connection (0): Hit idle_timeout, was idle for 2961
seconds
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): Closing connection (5): Hit idle_timeout, was idle for 2961
seconds
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): Closing connection (1): Hit idle_timeout, was idle for 2944
seconds
rlm_sql (sql): You probably need to lower "min"
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): Closing connection (6): Hit idle_timeout, was idle for 2944
seconds
rlm_sql (sql): You probably need to lower "min"
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): Closing connection (2): Hit idle_timeout, was idle for 2944
seconds
rlm_sql (sql): You probably need to lower "min"
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): 0 of 0 connections in use.  You  may need to increase "spare"
rlm_sql (sql): Opening additional connection (7), 1 of 32 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket,
server version 8.0.15, protocol version 10
rlm_sql (sql): Reserved connection (7)
(1) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck
WHERE username = '%{SQL-User-Name}' ORDER BY id
(1) sql:    --> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'testuser2' ORDER BY id
(1) sql: Executing select query: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = 'testuser2' ORDER BY id
(1) sql: User found in radcheck table
(1) sql: Conditional check items matched, merging assignment check items
(1) sql:   Cleartext-Password := "GeForce-23"
(1) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply
WHERE username = '%{SQL-User-Name}' ORDER BY id
(1) sql:    --> SELECT id, username, attribute, value, op FROM radreply
WHERE username = 'testuser2' ORDER BY id
(1) sql: Executing select query: SELECT id, username, attribute, value, op
FROM radreply WHERE username = 'testuser2' ORDER BY id
(1) sql: EXPAND SELECT groupname FROM radusergroup WHERE username =
'%{SQL-User-Name}' ORDER BY priority
(1) sql:    --> SELECT groupname FROM radusergroup WHERE username =
'testuser2' ORDER BY priority
(1) sql: Executing select query: SELECT groupname FROM radusergroup WHERE
username = 'testuser2' ORDER BY priority
(1) sql: User not found in any groups
rlm_sql (sql): Released connection (7)
Need 2 more connections to reach min connections (3)
rlm_sql (sql): Opening additional connection (8), 1 of 31 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket,
server version 8.0.15, protocol version 10
(1)     [sql] = ok
(1)     [expiration] = noop
(1)     [logintime] = noop
(1)     [pap] = updated
(1) chillispot_max_bytes: WARNING: Couldn't find check attribute,
control:ChilliSpot-Max-Total-Octets, doing nothing...
(1)     [chillispot_max_bytes] = noop
(1) noresetcounter: WARNING: Couldn't find check attribute,
control:Max-All-Session, doing nothing...
(1)     [noresetcounter] = noop
(1)   } # authorize = updated
(1) Found Auth-Type = PAP
(1) # Executing group from file /etc/raddb/sites-enabled/default
(1)   Auth-Type PAP {
*(1) pap: Login attempt with password*
*(1) pap: Comparing with "known-good" Crypt-password*
*(1) pap: ERROR: Crypt digest does not match "known good" digest*
*(1) pap: Passwords don't match*
(1)     [pap] = reject
(1)   } # Auth-Type PAP = reject
(1) Failed to authenticate the user
(1) Using Post-Auth-Type Reject
(1) # Executing group from file /etc/raddb/sites-enabled/default
(1)   Post-Auth-Type REJECT {
(1) sql: EXPAND .query
(1) sql:    --> .query
(1) sql: Using query template 'query'
rlm_sql (sql): Reserved connection (7)
(1) sql: EXPAND %{User-Name}
(1) sql:    --> testuser2
(1) sql: SQL-User-Name set to 'testuser2'
(1) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate)
VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S')
(1) sql:    --> INSERT INTO radpostauth (username, pass, reply, authdate)
VALUES ( 'testuser2', 'GeForce-23', 'Access-Reject', '2019-04-21
10:24:18.924630')
(1) sql: Executing query: INSERT INTO radpostauth (username, pass, reply,
authdate) VALUES ( 'testuser2', 'GeForce-23', 'Access-Reject', '2019-04-21
10:24:18.924630')
(1) sql: SQL query returned: success
(1) sql: 1 record(s) updated
rlm_sql (sql): Released connection (7)
(1)     [sql] = ok
(1) attr_filter.access_reject: EXPAND %{User-Name}
(1) attr_filter.access_reject:    --> testuser2
(1) attr_filter.access_reject: Matched entry DEFAULT at line 11
(1)     [attr_filter.access_reject] = updated
(1)     [eap] = noop
(1)     policy remove_reply_message_if_eap {
(1)       if (&reply:EAP-Message && &reply:Reply-Message) {
(1)       if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(1)       else {
(1)         [noop] = noop
(1)       } # else = noop
(1)     } # policy remove_reply_message_if_eap = noop
(1)   } # Post-Auth-Type REJECT = updated
(1) Delaying response for 1.000000 seconds
Waking up in 0.3 seconds.
Waking up in 0.6 seconds.
(1) Sending delayed response
(1) Sent Access-Reject Id 146 from 127.0.0.1:1812 to 127.0.0.1:51406 length
20
Waking up in 3.9 seconds.
(1) Cleaning up request packet ID 146 with timestamp +2961
Ready to process requests
The stored credentials and the input credentials are the same; I just don't get
why it rejects me.
Thank you in advance.


On Sat, Apr 20, 2019 at 7:10 PM Alan DeKok <aland at deployingradius.com>
wrote:

> On Apr 20, 2019, at 8:53 AM, Surya Teja <suryateja042 at gmail.com> wrote:
> > Thanks for the suggestion. I have followed the steps as per the documentation
> > from freeradius.org, installed FreeRADIUS, and then tested with the same
> > example given; it's working fine.
>
>   That's good.
>
> > [root at nusalxsl0983 ~]# radtest testing password 127.0.0.1 0 testing123
>
>   We don't need to see that.
>
> > But I have a few other integrations which need changes in a few
> > configuration files.
> > I am trying to configure CoovaChilli with FreeRADIUS for a captive portal;
> > as a result I need to integrate MySQL with FreeRADIUS
> > and need to change the FreeRADIUS secret key from the default one (testing123)
> > to the MySQL FreeRADIUS user password.
> > As suggested in a forum, I have modified the secret key in the following
> > config files:
> > *1)sudo vi /etc/raddb/mods-available/sql*
> > Uncomment and or change the following parameters:
> > driver = "rlm_sql_mysql"
> > dialect = "mysql"
> > server = "localhost"
> > port = 3306
> > login = "*FREERADIUS_DB_USER*"
> > password = "*FREERADIUS_DB_PASS*"
> > read_clients = yes
>
>   If you add that, you should also put client information into SQL.
>
> > *2)sudo vi /etc/raddb/clients.conf*
> > Change the password to the password used above for FreeRadius MySQL
> > database:
> > *secret* = [*FREERADIUS_DB_PASS*]
>
>   That is 100% the wrong thing to do.  Nothing in the documentation
> suggests that you put the database password into the "clients.conf" file.
> The secret here is for the RADIUS shared secret.
>
> > I updated the above, restarted the FreeRADIUS server, and tried the same
> > test case as above with the new password (secret key); now I am getting an
> > exception in radiusd.log
>
>   Stop wasting everyone's time.  You were told to look at the debug
> output.  Why are you refusing to do that?
>
>   If you run the server in debug mode, it will tell you which clients it's
> creating.  You don't need to look at the log file.
>
> > Can I know whether this secret key needs to be updated in any other
> > configuration files? Any idea or suggestion will be helpful.
> > Any help is appreciated.
>
>   Follow the documentation.  Read the configuration files.  It's all
> pretty clear if you *read* it.
>
>   Alan DeKok.
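
An added example, not part of the original messages or of FreeRADIUS: a small Python helper that condenses debug output like the above into what `sql` supplied, which "known-good" attribute `pap` compared against, and which `authorize` modules returned `updated` (meaning they changed the request or its control items). It assumes a single request's log; the sample is constructed from lines in the post with the `*` emphasis markers removed.

```python
import re

# Constructed sample: lines taken from the debug output in the post above.
SAMPLE = """\
(1)     [preprocess] = ok
(1)     [unix] = updated
(1)     [files] = noop
(1) sql:   Cleartext-Password := "GeForce-23"
(1)     [sql] = ok
(1)     [pap] = updated
(1)   } # authorize = updated
(1) Found Auth-Type = PAP
(1) pap: Comparing with "known-good" Crypt-password
(1) pap: ERROR: Crypt digest does not match "known good" digest
"""

MODULE_RC = re.compile(r'^\(\d+\)\s+\[([\w.]+)\] = (\w+)$')
SQL_ITEM = re.compile(r'^\(\d+\) sql:\s+([\w-]+) :?= ')
PAP_CMP = re.compile(r'^\(\d+\) pap: Comparing with "known-good" ([\w-]+)')

def summarize(debug_text):
    """Return what sql supplied, what pap compared against, and which
    authorize modules reported 'updated' before Auth-Type was chosen."""
    supplied, compared, updated, in_authorize = [], None, [], True
    for raw in debug_text.splitlines():
        line = raw.strip().strip("*")      # tolerate e-mail emphasis markers
        if "# authorize =" in line:        # closing brace of the authorize section
            in_authorize = False
        if (m := MODULE_RC.match(line)) and in_authorize and m.group(2) == "updated":
            updated.append(m.group(1))
        elif m := SQL_ITEM.match(line):
            supplied.append(m.group(1))
        elif m := PAP_CMP.match(line):
            compared = m.group(1)
    # Flag the case where pap used an attribute that sql never supplied.
    known = [s.lower() for s in supplied]
    mismatch = compared is not None and compared.lower() not in known
    return {"sql_supplied": supplied, "pap_compared": compared,
            "updated_in_authorize": updated, "mismatch": mismatch}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

On the sample, the summary shows `sql` supplying `Cleartext-Password` while `pap` compares against `Crypt-password`, with `unix` and `pap` as the modules that returned `updated` during `authorize`.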

